Cisco Switching/Routing :: 6509 Won't Remove ACL Entry
Dec 3, 2012
We have a pair of 6509's with duplicate ACL lists & entries.
1 = Version 12.2(33)SXI4a
2 = Version 12.2(18)SXF15a
I wanted to remove some logging that was on an entry on one of our extended ACLs. On 1 this worked fine with:
no 400
400 <acl rule without log>
However, on 2 it lets me carry out the no 400 command, but when I go to add the 400 <acl rule without log> I get the error % Duplicate sequence number. Sure enough, when I perform the 'Show access-lists <Name>' it is still there!
I have tried the following:
Adding a duplicate ACL entry before it (399) without log, and I still get hits on line 400.
Adding and removing the duplicate created line 399 (without logging) with no issues.
Adding and removing a duplicate ACL (without logging) after (line 401) with no issues.
It looks like it is just this line it seems to think it has removed but hasn't?!
I understand an option is to duplicate the ACL in a text editor, remove the line, delete the ACL and put the edit back in... however, I wondered if this is something known (bug).
May 23, 2012
I have seen other discussions regarding static MAC address entries on IPv4, but what of IPv6? We have MS NLB solutions and they are working fine. We have Cisco 6509/6504, Version 12.2(33)SXI5.
But then we have a new one for a new Active Directory solution, and on those networks we have implemented IPv6.
How are static MAC address entries and MS NLB solved in IPv6 (i.e. arp ip.ip.ip.ip mac.mac.mac ARPA gi1/1)? I can't seem to find many examples or much documentation on this. Is it replaced with another function? The reason I ask is twofold.
1. I really want to know
2. The NLB cluster seems to drop IPv6 traffic at even intervals, which seems to correspond with NLB transition.
Jan 29, 2012
I have a 6509 running s72033_rp-ADVIPSERVICESK9_WAN-M version 12.2(33)SXH5. Four incorrect bgp aggregate-address statements were entered which overlap. I attempted to remove the statements but they won't come out.
aggregate address 16.37.31.0 255.255.224.0 summary-only
aggregate address 16.37.30.0 255.255.224.0 summary-only
aggregate address 16.37.29.0 255.255.224.0 summary-only
aggregate address 16.37.26.0 255.255.224.0 summary only
I have entered in the correct statements and have no problem getting those in, removing them, and reentering them.
Feb 24, 2011
I have a clientless VPN configured for webmail on an ASA 5510. However, for some reason it also displays in the drop-down of the AnyConnect client, and consequently if you try to connect you do not get redirected to the webmail page. Does anyone know how I can either remove the entry from the drop-down of the AnyConnect client, or force the webpage to open if connection is granted via the AnyConnect client?
Sep 25, 2012
We have a site, and on that site we have a server which has been down for the last two days. However, we are not using any tools to manage these devices. We are not able to find where this server is located or which switch it is connected to.
I know that the timer for MAC addresses is 5 minutes and the ARP timeout is 4 hours. Is there any way to find out the MAC address of the server? I feel like this can be done with CEF. Is that true or not? I am not sure. I am running 3750 stacks and 2811 routers. The 3750 stacks are working as layer 3 devices. They are also running the pretty new IOS 12.2(53)SE.
According to my understanding, nowadays a CEF entry does not expire if we are not using it. Entries remain in cache as we are running with destination-based CEF.
Aug 19, 2011
Do PBR deny ACL entries on a 3750 still get punted to the CPU? I found this article: URL
High CPU Due to Policy Based Routing
Policy Based Routing (PBR) implementation in Cisco Catalyst 3750 switches has some limitations. If these restrictions are not followed, it can cause high CPU utilization. You can enable PBR on a routed port or an SVI. The switch does not support route-map deny statements for PBR. Multicast traffic is not policy-routed. PBR applies only to unicast traffic. Do not match ACLs that permit packets destined for a local address. PBR forwards these packets, which can cause ping or Telnet failure or route protocol flapping.
Do not match ACLs with deny ACEs. Packets that match a deny ACE are sent to the CPU, which can cause high CPU utilization.
In order to use PBR, you must first enable the routing template with the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template.
I checked the latest config guide, and those same guidelines are still listed. If that limitation is still there, are those packets switched at the process level (ip_input) or the interrupt level?
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the other blades, including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
Dec 26, 2011
I plugged an IP device into a 2960 Catalyst switch. The port is up, but there is no MAC address learned on it:
TNSWAGCS01002(config-if)#do sh mac add int fa0/16
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
TNSWAGCS01002(config-if)#
TNSWAGCS01002(config-if)#do sh int fa0/16
FastEthernet0/16 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0064.40ee.f510 (bia 0064.40ee.f510)
Description: --- STC ---
[code]....
I read that it may be a L1/L2 issue. We tried with another ethernet cable. We also tried with another IP device of the same model. That did not solve the issue.
Dec 4, 2011
I have some error messages in the Nexus 7000 log. After searching I cannot find an adequate explanation; pretty much the only thing I can find is below, and I don't think it is very relevant to my situation. The device is in production, so reloading and pulling cards willy-nilly is the last resort.
Device = Nexus 7018
IOS version = 5.1(2)
Log messages=
2011 Dec 2 14:52:35 IAS01LVSWIPC01 %OC_USD-SLOT8-2-RF_CRC: OC2 received packets with CRC error from MOD 6 through XBAR slot 1/inst 1 and slot 2/inst 1 and slot 3/inst 1
[code]....
Oct 30, 2011
I have configured a new 3560 switch, connected it to a 4500 switch and formed a trunk. Now the issue I am facing is that when I do a SH CDP NEIGHBOUR from the 3560 switch I am able to see the 4500 series switch, but at the same time when I do SH CDP NEIGHBOUR from the 4500 series switch I am not able to see the entry for the 3560 switch. But I am able to telnet to the new switch without any issues.
Feb 2, 2009
Is there any way to clear a single ARP cache entry on the 6500 switch?
Dec 22, 2011
The issue is occurring on our local LAN, where my ARP requests are being modified after a period of time by the router for one host. I'm finding that the host will work fine with the correct MAC/IP pairing for a period of time and then, about 15-30 minutes later, the ARP table changes so the associated MAC/IP address is now the MAC address of the router interface.
The FastEthernet 0/1 port has no ip proxy-arp enabled and is set with ip nat inside. This only started happening after restarting the router; however, the running config was saved as the startup config prior to the restart. I've tried hard-coding the entry with the command arp 10.15.4.190 c82a.1459.0579 ARPA, however that is not working as expected.
The device is an 1841 ISR with the Advanced IP Services bundle loaded. Is there some way that the router is viewing my host (provides DNS, Directory Services) as an intrusion attempt and somehow rejecting the packets?
Feb 29, 2012
Need to remove the IPSec VPN SPA module from the 6509 chassis. Is the module hot swappable, or does the 6509 need to be turned off prior to removal?
Nov 3, 2011
In my lab, there are some machines that are connected using Cisco 2950 switches. Those machines belong to a VLAN. Now I need to modify the VLAN settings of the machines, and as such I also need to modify the VLAN settings on the ports on the Cisco switches.
In order to do this, first I need to log in to those switches, but due to a lack of knowledge transfer, I don't have the password. Is there some generic password? Second, I will need to modify the VLAN settings on each individual port. How can I do this?
Mar 14, 2013
I need a switch to configure a static ARP entry for a MS NLB multicast.
Could you tell me if I can do this with the SRW2024-K9-BR?
Aug 23, 2009
Aug 24 11:32:16.275 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to down
Aug 24 11:32:36.827 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to up
Aug 24 11:35:23.854 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1/2, changed state to down
Aug 24 11:35:24.854 AEST: %LINK-3-UPDOWN: Interface FastEthernet0/1/2, changed state to down
esw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)
esw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)
When the above problem happens, as a work-around, we delete the VLAN.DAT file on the Compact Flash of this 2811 router and recopy the VLAN.DAT file back to the Compact Flash.
Then it runs for a few weeks and the same problem happened.
Then we put a new Compact Flash and recopied VLAN.DAT to new CF and it ran for 3 weeks and same problem started again.
Could it be the 2811 router motherboard? This customer has thousands of these 2811 routers in identical setups and this is the only router that is having this problem.
Mar 17, 2013
If a router receives EIGRP (AD 90) routes, and is configured to redistribute those routes into BGP (AD 20), why does the RIB show only the incoming EIGRP routes and not the redistributed BGP routes? Are redistributed routes considered for RIB entry in the router that is doing the redistribution?
Jun 8, 2007
How do you properly remove the QoS queues and configs from the switch? I was using auto qos, which created a whole mess of QoS configs in my running-config. I did "no mls qos" in conf term but that did not remove the queues.
Mar 25, 2012
We have a WS-C6509-E with SUP VS-S720-10G, and IOS s72033-advipservicesk9_wan-mz.122-33.SXI5.bin. [code]
From what we can see, whenever we try to clear arp-cache, it doesn't remove the IPs from the ARP table. We've checked a bug in IOS 12.2(33)SXH4 with the same issue; in version SXI4 it is solved, but I have version SXI5. It is supposed to be fixed, from this caveat CSCtf16300; since it says it was fixed in 12.2(33)SXI4, it should be fixed in SXI5, right?
Apr 30, 2013
We currently have a stack of 5 x 3750 switches and I want to remove switch number 3 (it has the least number of things plugged in). What will happen to switches 4 and 5? Will they be renumbered 3 and 4, and will the config automatically update if they are?
Aug 9, 2012
I have a 3500 XL switch with the following default gateway IP address that I need to clear from the switch, but I'm not quite sure how to remove it.
I've removed the customer's original IP for security reasons, as this is an open discussion forum, and just replaced it with 1.1.1.1
switch#show ru
Building configuration...
Current configuration:
!
[Code].....
Jul 17, 2012
What is the best way to remove configs from ports (GigE or Fa) in a 6500 that we aren't using anymore (i.e. best way to return a port to default)? Remove each line one at a time, or is there a command to default a port?
Aug 12, 2012
I'm having trouble with a Cisco Catalyst 2950 Series Switch whereby I'm following the procedure from Cisco's web site to remove the banner and login information, url..
Each command is being accepted by the switch when following the information given in the help sheet above. The problem I have now is that when I turn the power off and then turn the switch back on, I'm still getting the banner and login information even though I have followed Cisco's help correctly.
Jan 23, 2011
We currently have two 6509s running in VSS; both switches have a WS-6748-GE module in slot 3. I'm in the process of removing these modules. I will then be replacing them with a different module type, but I need to know how to remove the old configuration of the previous modules.
Feb 20, 2012
I have been given 2 x 3750 switches that were a stack. I need to keep the configs on both, but how do I make them individual switches again and remove the stack info?
Mar 5, 2012
I have removed an embedded service engine module from a 2951 router. After rebooting the router, the service engine interface still appears. Is there any command I can use to completely remove it?
May 2, 2013
Is it easy to remove the 3750x stacking? I'd like to test one of them on a Sunday and keep the other one in production. It's just a stack of two 3750x; is it hard, and do I really need to remove the cables on the back?
Basically I need to put a different config on for my testing. I guess I need to remove the cables, right? And put it back on the stack before Monday.
Jan 21, 2013
Any example, tested on 3750-24/48TS and 3750G-24TS, of removing the fan to make the switch more silent? I'm not interested in replies telling me that it is risky; I'm interested to know how the switch behaves. Does it shut down on overheating? I will use the switches only for my CCIE studies, a couple of hours per day, no heavy load.
I tested with 2950 switches and there were absolutely no problems; the devices were even in production.
Jun 11, 2013
I want to remove the sync-profile on each of two synchronized Nexus 5596UP without losing the config stored in the switch-profile. That means without connectivity interruption and re-configuration of interfaces in "conf t mode", for example. Since NX-OS Release 5.2(1)N1(1) there is a new command:
switch(config-sync)# no switch-profile abc profile-only
profile-only—Deletes the switch profile without the local configuration.
[URL]
Aug 6, 2012
On a number of 6500 chassis it appears that linecard 3 did exist at some point, but was removed. The problem is that when issuing 'show int desc' or 'show ip int brie' the ports for the still appear, and indeed the same with 'show run' and 'show conf'.
Jan 11, 2012
We've had an issue with our network. We have 2 6509s connected with redundancy, which are connected to 2 x 4900 switches, which in turn are connected to an ESX chassis for visualization. The thing is that the ESX stopped working, and the 4900 switches and the main core were suffering from overload, though they handled it very well. In order to stop the overload, one of the links to the ESX chassis was disconnected from one of the 4900 switches. The CPU usage on the 4900 and the core (6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this: maybe the virtual server migrations, maybe the overload from the ESX? We also had a few questions. Is there any need to reload the cores every few months as a planned task? Because the cores have been up for more than 1 year. And also, is there any kind of tool to monitor the CPU status, or the overall status of the cores or the switches?
Apr 11, 2012
They have around 80 staff and I think the current infrastructure is overkill for the size of the company. The current kit is old and they have no GB ethernet ports. They currently have:
Core Switch:
1x Cisco c6509 with a 48 port fast ethernet module (WS-X6248-RJ-45)
and an 8 port fibre module (WS-X6408A-GBIC)
I'm looking to replace this with something with 72 ethernet ports and 8 fibre ports
Access Switches:
2x 3500
Replacement needs at least 48 ports and 2 fibre modules each
and 2x 5500
Replacement needs at least 72 ports and 2 fibre modules each.